Home > Vulnerability Database > CVE-2023-3758

Mend.io Vulnerability Database

CVE-2023-3758

Date: April 18, 2024

A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.

Language: C

Severity Score

7.1

Related Resources (15)

Url: https://access.redhat.com/errata/RHSA-2024:3270

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RV3HIZI3SURBUQKSOOL3XE64OOBQ2HTK/

Url: https://access.redhat.com/errata/RHSA-2024:2571

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMORAO2BDDA5YX4ZLMXDZ7SM6KU47SY5/

Url: https://access.redhat.com/errata/RHSA-2024:1919

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-3758

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XEP62IDS7A55D5UHM6GH7QZ7SQFOAPVF/

Url: https://access.redhat.com/errata/RHSA-2024:1922

Url: https://access.redhat.com/security/cve/CVE-2023-3758

Url: https://github.com/SSSD/sssd/pull/7302

Url: https://security-tracker.debian.org/tracker/CVE-2023-3758

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2223762

Url: https://access.redhat.com/errata/RHSA-2024:1921

Url: https://access.redhat.com/errata/RHSA-2024:1920

Url: https://www.mend.io/vulnerability-database/CVE-2023-3758

Severity Score

7.1

Weakness Type (CWE)

Improper Authorization

CWE-285

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-362

CVSS v3.1

Base Score:	7.1
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-3758

Date: April 18, 2024

Language: C

Severity Score

Related Resources (15)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?